Security "Bits"

Login and Logout but Nothing in Between - SaaS Application Visibility

By Rich Campagna | September 19, 2013 at 8:00 AM

The lack of visibility and control has dogged SaaS applications from the beginning. SaaS application vendors have struggled to match the visibility, security and control available with on-premises applications.

In migrating to SaaS apps, many enterprises have deployed Identity and Access Management (IAM) products in order to provide Single Sign-On (SSO). These products are available from a number of established and startup vendors, as software or as a hosted service, and are being marketed as “visibility” tools in addition to Identity/SSO. Their major limitation, however, is that they are not in the data path: because they only participate in Login and Logout, they provide no visibility into what happened during the session.

In other words, they can tell you who logged in and when, and when they logged out, but are blind to what the user did in between - did he or she download the company’s source code to a mobile device or copy upcoming quarterly financial results to a cloud storage service?  This is akin to an inventory tracking system at a department store being able to tell the store manager who walked in and out of the store, but not what they bought or stole.  Interesting data, maybe.  Useful, maybe not.

Today’s IT organizations need visibility into what users are doing while accessing applications.  Whether you are in a heavily regulated industry with compliance mandates or in any organization with data to protect, visibility into who is accessing that data and what they are doing with it is of paramount importance.  The technology providing that visibility must be in the data path in order to answer these types of questions.  

Don’t get me wrong - IAM products play an important role in federating user identity across disparate applications.  The question is whether the level of visibility they provide meets your needs. 

Full visibility across all of your applications is the foundation for securing your data.


